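Grant read-only permission

Select the policy generator

Select the account to authorize

Grant read-only permission

Grant container login permission

Create the ClusterRole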

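apiVersion: rbac.authorization.k8s.io/v1  # rbac v1beta1 was removed in Kubernetes 1.22
kind: ClusterRole
metadata:
  labels:
    cloud.tencent.com/tke-rbac-generated: "true"
  name: tke:pod-exec
rules:
# Read and modify pods, and attach to running containers
- apiGroups:
  - ""
  resources:
  - pods
  - pods/attach
  verbs:
  - get
  - list
  - patch
  - update
  - watch
# Opening a shell in a container is a create on the pods/exec subresource
- apiGroups:
  - ""
  resources:
  - pods/exec
  verbs:
  - create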

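Create a RoleBinding to grant the role to the user

Copy the relevant information from the read-only permission

Grant the account container login permission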

apiVersion: rbac.authorization.k8s.io/v1  # rbac v1beta1 was removed in Kubernetes 1.22
kind: RoleBinding
metadata:
  annotations:
    cloud.tencent.com/tke-account-nickname: nmk
  labels:
    cloud.tencent.com/tke-account: "100023199976"
  name: 100023199976-Role-pod-exec
  #namespace: no-critical-service  # set namespace to limit the binding to one namespace
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: tke:pod-exec  # the ClusterRole created above
subjects:
- apiGroup: rbac.authorization.k8s.io
  kind: User
  name: 100023199976-1682220970
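
To review the result of the two manifests above, the following added example (not part of the original page and not TKE tooling) resolves bindings to roles and lists who can create pods/exec, and in which namespace. The sample objects are constructed: the example:read-only role, its binding, and the placement of the exec binding in no-critical-service are assumptions.

```python
import json

# Constructed sample, shaped like `kubectl get clusterroles,rolebindings -A -o json`
# items and trimmed to the fields read below. "example:read-only" and the
# namespace placement are assumptions; the tke:pod-exec rules are the page's.
ITEMS = json.loads("""[
 {"kind": "ClusterRole", "metadata": {"name": "tke:pod-exec"}, "rules": [
   {"apiGroups": [""], "resources": ["pods", "pods/attach"],
    "verbs": ["get", "list", "patch", "update", "watch"]},
   {"apiGroups": [""], "resources": ["pods/exec"], "verbs": ["create"]}]},
 {"kind": "ClusterRole", "metadata": {"name": "example:read-only"}, "rules": [
   {"apiGroups": [""], "resources": ["pods", "pods/log"], "verbs": ["get", "list", "watch"]}]},
 {"kind": "RoleBinding",
  "metadata": {"name": "100023199976-Role-pod-exec", "namespace": "no-critical-service"},
  "roleRef": {"kind": "ClusterRole", "name": "tke:pod-exec"},
  "subjects": [{"kind": "User", "name": "100023199976-1682220970"}]},
 {"kind": "RoleBinding", "metadata": {"name": "example-read-only", "namespace": "default"},
  "roleRef": {"kind": "ClusterRole", "name": "example:read-only"},
  "subjects": [{"kind": "User", "name": "100023199976-1682220970"}]}
]""")

def allows(rule, group, resource, verb):
    """True if one RBAC rule permits verb on resource ("pods/exec" style) in group."""
    sub = resource.partition("/")[2]
    patterns = {"*", resource} | ({"*/" + sub} if sub else set())  # "pods" alone never covers pods/exec
    return (bool({"*", group} & set(rule.get("apiGroups", [])))
            and bool(patterns & set(rule.get("resources", [])))
            and bool({"*", verb} & set(rule.get("verbs", []))))

def exec_grants(items):
    """List (namespace, subject, role) for every binding that lets a subject create pods/exec."""
    roles = {(o["kind"], o["metadata"].get("namespace", ""), o["metadata"]["name"]): o.get("rules") or []
             for o in items if o["kind"] in ("Role", "ClusterRole")}
    grants = []
    for o in items:
        if o["kind"] not in ("RoleBinding", "ClusterRoleBinding"):
            continue
        ref = o["roleRef"]
        scope = o["metadata"].get("namespace", "") if o["kind"] == "RoleBinding" else "*"  # "*" = cluster-wide
        rules = roles.get((ref["kind"], scope if ref["kind"] == "Role" else "", ref["name"]), [])
        if any(allows(r, "", "pods/exec", "create") for r in rules):
            grants += [(scope, s["name"], ref["name"]) for s in o.get("subjects") or []]
    return sorted(grants)

if __name__ == "__main__":
    for ns, who, role in exec_grants(ITEMS):
        print(f"{who} can exec into pods in namespace {ns!r} via {role}")
```

A RoleBinding that references a ClusterRole grants the role's rules only inside the binding's own namespace, which is why the namespace column of the output is the value to check.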